Textmasterformat bearbeiten

Second Level

Third Level– Fourth Level

Fifth Level

February 17, 2017

MTCS – Modular Train Control System

217.02.2017

Unique Liaison between Modularity and Safety

Open and modular railway computer platform Based on standard hardware and software Freely programmable

Certifiable up to SIL 4 Complies with EN5012x, EN 50155 and EN 50121-4 railway standard Scalable safety-level - solely determined by application requirements Comes with certification packages with certification from TÜV SÜD

317.02.2017

MTCS Innovations – Your Benefits

Suitable for wayside and rolling stock

Pre-certified hardware and software

No fixed end application

Usage of open standards

Family concept

Open software interfaces

Various applications with one safe platform

Real-time Ethernet connection

Additional remote I/O boxes

Synergy effects

Low risk, saves cost and time

Application remains on customer side

Interoperability, independent of single supplier

Future-safe, long life-cycles

Highest programming flexibility

Saves costs and installation efforts

Safe and fast I/O with growing I/O family

Less cabling, unlimited system extension

4

Two Birds with One Stone –MTCS for Rolling Stock and Wayside ApplicationsRolling Stock Synergy effects

Wayside

CBI – Computer Based Interlocking

CBTC – Communication Based Train Control

TCMS – Train Control Management System

ATO / ATP – Automated Train Control / Protection (for ETCS,

PTC, CTCS, Klub-U)MTCS suitable for all safety-relevant rail applications

Saves costs and time-to-market

5

Typical Use Case – On-Board Unit for ETCS

ETCS is the European train protection system Train separation or collision avoidance Line speed enforcement (emergency brake) Temporary speed restrictions

MTCS provides major functions of the EVC (European Vital Computer) GSM-R communication ETCS application computer Interfaces to other ETCS equipment Interfaces to train

MVB

Profibus

Balise Ethernet

GSM-R

Train Interfaces

6

The Key for Variety –Separation of Control and Application

User Safety Application

Pre-Certified Platform Software

Pre-Certified Hardware Components

Done by MEN

Done by Customer

Competitive advantage through full function control

Best use of core competencies for all parties

One platform – many applications

7

Safe Domain and I/O Domain

Safe I/OMVB, Profibus, Ethernet…

Virtual Safe CPU

CPU 3 – I/O processor

CPU 2Sync/CompareCPU 1

Platform SWPlatform SW

EtherCAT masterPeripheral drivers

Safe communication through black channel

Limits the effort of safe application programming

Accelerates software development

Fail-silent architecture

8

The Software Architecture Behind –Safe Domain and I/O Domain

Pre-Certified Hardware Components

Application independent of hardware

User Safety Application

Safety Communication Layer

Safe QNX / Safe BSP

User Safety Application

Safety Communication Layer

Safe QNX / Safe BSP

Safe Domain (CPU board) I/O Domain (CPU board)

Non-Safe Application Communication, Diagnosis, Services

Driver Libraries

Linux (Soft Real-Time)

Safe Domain (I/O board)

Safety Communication Layer

I/O domain SW changeable without recertification

Many applications with one platform – saves cost

Pre-Certified Platform Software

Separation between safe application (QNX) and communication (Linux)

Double execution of safe application on two separated processors Synchronization and compare between CPs and communication

layer Different applications on one safety platform through high-

performance CPUs and QNX partitioning

9

Endless Programming Possibilities

User Safety Application

Safety Communication Layer

Safe QNX / Safe BSP

User Safety Application

Safety Communication Layer

Safe QNX / Safe BSP

Safe Domain (CPU board) I/O Domain (CPU board)

Non-Safe Application Communication, Diagnosis, Services

Driver Libraries

Linux (Soft Real-Time)

Based on open software interfaces (open API) and standard operating systems

Standard POSIX programming interface

Programming of safe domain application possible in: C

Model-based (e.g. SCADE)

Soft PLC

Ada

Highest flexibility

Reduces overall cost

Future proof architecture

Compatible successorproducts scheduled

Saves your softwareinvestment

10

MTCS Family Members

Controller Unit MH50C, based on dual-redundant CPU board F75P For up to 6 I/O boards (either safe I/O

boards or usual interface boards for Ethernet, Wi-Fi, GPS, MVB etc.)

Wide-range DC or AC power supply

Safe I/O cards for binary input/output and frequency input (more functions scheduled) For use in controller unit or remote I/O

boxes

Safe remote I/O extension boxes Up to 4, 6, or 8 certifiable safe I/O boards

Real-time Ethernet interface with chassis configuration switch

Compact housing

Flexible configuration options

Expandable with up to 63 remote I/O boxes

Scalable SIL levels (single cards for SIL 2,two cards for SIL 3 / 4)

Close connection toactors / sensors (lesscabling)

Improves signal integrity

For virtually endless system extension

11

Communication via Real-Time Ethernet

No Ethernet switchesneeded

High availability with littlecabling effort

All I/Os (control unit and remote I/O boxes) are connected via real-time Ethernet ”EtherCAT“

Communication protected via Safety over EtherCAT (FSOE) protocol

Connected in a ring topology Tolerates single failures like broken cables

Safe and fast I/O throughSafety over EtherCat

MH50C MTCS Controller

MTCS Remote I/O MTCS Remote I/O MTCS Remote I/O

Remote IO reduces cablingeffort / better signal integrity

12

MTCS Components with Guaranteed Safety

TÜV Certificate

TÜV Assessment Report

Safety CaseSafety User Guide

F75P QNXBSP

QNX Drivers

Pre-certification saves cost and time

Safe CPU board F75P

Safe I/O cards

Lowers project risk on customer side

13

Open and Modular System

MTCS is exclusively based on open industry standards in hardware, software and communication

Independence from singlesupplier

Easy integration of thirdparty products

Easy exchange of obsolete products

Standard hardware with X86 host controller

CompactPCI industry standard

Standard OS (QNX, Linux)

Standard Ethernet communication

Standard POSIX interface for programming in “C”

14

Compliance to Market Standards

Safety requirements EN 50126: Railway applications – The

Specification and Demonstration of Reliability, Availability, Maintainability and Safety (RAMS)

EN 50128: Railway applications –Communications, signaling and processing systems - Software for railway control and protection systems

EN 50129: Railway applications –Communications, signaling and processing systems – Safety related electronic systems for signaling

Environmental requirements EN 50155 compliance Extended temperature range Shock and vibration resistant Conformal coating EMC-compatible with EN 50121-4

Immediately rail-ready

Qualified and tested for reliable operation

15

Family Concept and Life-Cycle Management

Guaranteed availability of 10 years for all single products

Change effect analysis document gives complete traceability in case of redesign

Easy exchange of single parts through open standards

Growing family of hardware components including software packages until 2050 scheduled

Unlimited life-cycle possible

Growing product range forindividual requirements

16

Unique Solution for the Rail Market

Usable for a multitude of varying rail applications through high modularity

Completely based on standards also reducing life-cycle cost of each rail project

Significant cost and time saving through pre-certification of hardware and software

Certification packages with certificate from TÜV SÜD

Compliant to all relevant safety and environmental standards